3
DevOps Challenges Quiz
Test your knowledge on DevOps practices in the cloud with this engaging quiz! Dive into scenarios that require critical thinking and a strong understanding of AWS services.
- 10 challenging questions
- Focus on real-world applications
- Evaluate your skills and knowledge in AWS DevOps
A DevOps engineer wants to deploy a serverless web application based on AWS Lambda. The deployment must meet the following requirements:
- Provide staging and production environments.
- Restrict the developers from accessing the production environment.
- Avoid hard coding passwords in the Lambda functions.
- Store source code in AWS CodeCommit.
- Use AWS CodePipeline to automate the deployment.
Which solution will accomplish this?
Create separate staging and production accounts to segregate deployment targets. Use AWS KMS to store environment-specific values. Use CodePipeline to automate deployments with AWS CodeDeploy.
Create separate staging and production accounts to segregate deployment targets. Use Lambda environment variables to store environment-specific values. Use CodePipeline to automate deployments with AWS CodeDeploy.
Define tagging conventions for staging and production environments to segregate deployment targets. Use AWS KMS to store environment-specific values. Use CodePipeline to automate deployments with AWS CodeDeploy.
Define naming conventions for staging and production environments to segregate deployment targets. Use Lambda environment variables to store environment-specific values. Use CodePipeline to automate deployments with AWS CodeDeploy.
A government agency is storing highly confidential files in an encrypted Amazon S3 bucket. The agency has configured federated access and has allowed only a particular on-premises Active Directory user group to access this bucket. The agency wants to maintain audit records and automatically detect and revert any accidental changes administrators make to the IAM policies used for providing this restricted federated access. Which of the following options provides the FASTEST way to meet these requirements?
Configure an Amazon CloudWatch Events Event Bus on an AWS CloudTrail API for triggering the AWS Lambda function that detects and reverts the change.
Configure an AWS Config rule to detect the configuration change and execute an AWS Lambda function to revert the change.
Schedule an AWS Lambda function that will scan the IAM policy attached to the federated access role for detecting and reverting any changes.
Restrict administrators in the on-premises Active Directory from changing the IAM policies.
A DevOps Engineer is launching a new application that will be deployed using Amazon Route 53, an Application Load Balancer, Auto Scaling, and Amazon DynamoDB. One of the key requirements of this launch is that the application must be able to scale to meet a sudden load increase. During periods of low usage, the infrastructure components must scale down to optimize cost. What steps can the DevOps Engineer take to meet the requirements? (Select TWO.)
Use AWS Trusted Advisor to submit limit increase requests for the Amazon EC2 instances that will be used by the infrastructure.
Determine which Amazon EC2 instance limits need to be raised by leveraging AWS Trusted Advisor, and submit a request to AWS Support to increase those limits.
Enable Auto Scaling for the DynamoDB tables that are used by the application.
Configure the Application Load Balancer to automatically adjust the target group based on the current load.
Create an Amazon CloudWatch Events scheduled rule that runs every 5 minutes to track the current use of the Auto Scaling group. If usage has changed, trigger a scale-up event to adjust the capacity. Do the same for DynamoDB read and write capacities.
A company uses federated access for its AWS environment. The available roles are created and managed using AWS CloudFormation from a CI/CD pipeline. All changes should be made to the IAM roles through the pipeline. The security team found that changes are being made to the roles out-of-band and would like to detect when this occurs. Which action will accomplish this?
Use Amazon Inspector rules to detect and notify when a CloudFormation stack has a configuration change.
Use an AWS Trusted Advisor CloudWatch Events rule to detect and notify when a CloudFormation stack has a configuration change.
Use AWS CloudTrail to detect and notify when a CloudFormation stack has detected a configuration change.
Use an AWS Config rule to detect and notify when a CloudFormation stack has detected a configuration change.
According to the Information Security Policy, changes to the contents of objects inside the production Amazon S3 bucket that contain encrypted secrets should only be made by a trusted group of administrators. How should a DevOps Engineer create real-time, automated checks to meet this requirement?
Create an AWS Lambda function that is triggered by Amazon S3 data events for object changes and that also checks the IAM user's membership in an administrator's IAM role.
Create a periodic AWS Config rule to query Amazon S3 Logs for changes and to check the IAM user's membership in an administrator's IAM role.
Create a metrics filter for Amazon CloudWatch logs to check for Amazon S3 bucket-level permission changes and to check the IAM user's membership in an administrator's IAM role.
Create a periodic AWS Config rule to query AWS CloudTrail logs for changes to the Amazon S3 bucket-level permissions and to check the IAM user's membership in an administrator's IAM role.
Company policies require that information about IP traffic going between instances in the production Amazon VPC is captured. The capturing mechanism must always be enabled and the Security team must be notified when any changes in configuration occur. What should be done to ensure that these requirements are met?
Using the UserData section of an AWS CloudFormation template, install tcpdump on every provisioned Amazon EC2 instance. The output of the tool is sent to Amazon EFS for aggregation and querying. In addition, scheduling an Amazon CloudWatch Events rule calls an AWS Lambda function to check whether tcpdump is up and running and sends an email to the security organization when there is an exception.
Create a flow log for the production VPC and assign an Amazon S3 bucket as a destination for delivery. Using Amazon S3 Event Notification, set up an AWS Lambda function that is triggered when a new log file gets delivered. This Lambda function updates an entry in Amazon DynamoDB, which is periodically checked by scheduling an Amazon CloudWatch Events rule to notify security when logs have not arrived.
Create a flow log for the production VPC. Create a new rule using AWS Config that is triggered by configuration changes of resources of type 'EC2:VPC'. As part of configuring the rule, create an AWS Lambda function that looks up flow logs for a given VPC. If the VPC flow logs are not configured, return a 'NON_COMPLIANT' status and notify the security organization.
Configure a new trail using AWS CloudTrail service. Using the UserData section of an AWS CloudFormation template, install tcpdump on every provisioned Amazon EC2 instance. Connect Amazon Athena to the CloudTrail and write an AWS Lambda function that monitors for a flow log disable event. Once the CloudTrail entry has been spotted, alert the security organization.
A DevOps Engineer is designing a deployment strategy for a web application. The application will use an Auto Scaling group to launch Amazon EC2 instances using an AMI. The same infrastructure will be deployed in multiple environments (development, test, and quality assurance). The deployment strategy should meet the following requirements:
- Minimize the startup time for the instance.
- Allow the same AMI to work in multiple environments.
- Store secrets for multiple environments securely.
Preconfigure the AMI using an AWS Lambda function that launches an Amazon EC2 instance, and then runs a script to install the software and create the AMI. Configure an Auto Scaling lifecycle hook to determine which environment the instance is launched in, and, based on that finding, run a configuration script. Save the secrets on an .ini file and store them in Amazon S3. Retrieve the secrets using a configuration script in EC2 user data.
Preconfigure the AMI by installing all the software using AWS Systems Manager automation and configure Auto Scaling to tag the instances at launch with their specific environment. Then use a bootstrap script in user data to read the tags and configure settings for the environment. Use the AWS Systems Manager Parameter Store to store the secrets using AWS KMS.
Use a standard AMI from the AWS Marketplace. Configure Auto Scaling to detect the current environment. Install the software using a script in Amazon EC2 user data. Use AWS Secrets Manager to store the credentials for all environments.
Preconfigure the AMI by installing all the software and configuration for all environments. Configure Auto Scaling to tag the instances at launch with their environment. Use the Amazon EC2 user data to trigger an AWS Lambda function that reads the instance ID and then reconfigures the setting for the proper environment. Use the AWS Systems Manager Parameter Store to store the secrets using AWS KMS.
A DevOps Engineer has been asked to recommend a tool to deploy the components of a three-tier web application. This application will use Amazon DynamoDB as a database. Which deployment requires the LEAST amount of operational management?
Use AWS CloudFormation to create a Classic Load Balancer and an Auto Scaling group. Use AWS OpsWorks to create the application and database resources. Deploy application updates with OpsWorks using lifecycle events.
Use AWS OpsWorks to create a Classic Load Balancer, an Auto Scaling group application, and database resources. Deploy application updates using OpsWorks lifecycle events.
Use AWS OpsWorks to create a Classic Load Balancer, Auto Scaling, and application resources. Use AWS CloudFormation to create the database resources. Deploy application updates using CloudFormation rolling updates.
Use AWS CloudFormation to create a Classic Load Balancer, an Auto Scaling group, and database resources. Deploy application updates using CloudFormation rolling updates.
A DevOps engineer used an AWS CloudFormation custom resource to set up AD Connector. The AWS Lambda function executed and created AD Connector, but CloudFormation is not transitioning from CREATE_IN_PROGRESS to CREATE_COMPLETE. Which action should the engineer take to resolve this issue?
Ensure the Lambda function code has exited successfully.
Ensure the Lambda function code returns a response to the pre-signed URL.
Ensure the Lambda function IAM role has cloudformation:UpdateStack permissions for the stack ARN.
Ensure the Lambda function IAM role has ds:ConnectDirectory permissions for the AWS account.
A company uses AWS Storage Gateway in file gateway mode in front of an Amazon S3 bucket that is used by multiple resources. In the morning when business begins, users do not see the objects processed by a third party the previous evening. When a DevOps engineer looks directly at the S3 bucket, the data is there, but it is missing in Storage Gateway. Which solution ensures that all the updated third-party files are available in the morning?
Configure a nightly Amazon EventBridge (Amazon CloudWatch Events) event to trigger an AWS Lambda function to run the RefreshCache command for Storage Gateway.
Instruct the third party to put data into the S3 bucket using AWS Transfer for SFTP.
Modify Storage Gateway to run in volume gateway mode.
Use S3 same-Region replication to replicate any changes made directly in the S3 bucket to Storage Gateway.
{"name":"3", "url":"https://www.quiz-maker.com/QPREVIEW","txt":"Test your knowledge on DevOps practices in the cloud with this engaging quiz! Dive into scenarios that require critical thinking and a strong understanding of AWS services.10 challenging questionsFocus on real-world applicationsEvaluate your skills and knowledge in AWS DevOps","img":"https:/images/course8.png"}